Security Compass SD Elements 2022.2 delivers developer-centric approach to software threat modeling
Security Compass released SD Elements 2022.2, offering new capabilities to help organizations deliver developer-centric software threat modeling.
By simplifying and accelerating the creation of threat models, and driving standardization across software development and application security teams, SD Elements supports developer-centric threat modeling. This approach prioritizes the speed of software development without compromising the security and compliance required to release.
New features in the SD Elements 2022.2 release include developer-centric threat modeling diagrams, reusable components, advanced reports, new security content and integrations, and 114 new just-in-time training (JITT) micromodules. Additional updates include several new capabilities designed to help software developers and application security teams release secure software faster.
Shifting security ownership from siloed security teams builds a collaborative approach that is easier for development teams to understand and support security needs, and makes it easier for developers to contribute to building secure and compliant software early and often.
Key updates and benefits of SD Elements 2022.2 include:
- Developer-centric threat model diagrams: Automatically generates a threat model diagram by depicting the architectural components on the diagram based on survey answers.
- Reusable components: Allows users to efficiently model complex, multicomponent software applications built using a microservices architecture or service oriented approach.
- Advanced reports: Gives users the ability to easily create rich reports with data visualization from scratch or using pre-built report templates, and dive into the status of software security and compliance or identify the most prevalent threats and weaknesses across a portfolio.
- New integrations: Expands integration ecosystem with the introduction of Black Duck software composition analysis (SCA) tool.
- New security content: Now includes best practices to securely set up and use Terraform for cloud infrastructure. These security recommendations are offered in the form of tasks and just-in-time training modules; NIST 800-218, the Secure Software Development Framework (SSDF) and gap remediation of other items required by EO 14028; and privacy guidelines for The California Privacy Rights Act of 2020 (CPRA).
“The industry is increasingly recognizing the benefits of performing threat modeling throughout the software development lifecycle (SDLC). At Security Compass, we are committed to helping our customers mitigate cyber security risks at scale with the ability to automate their threat modeling programs,” said Trevor Young, Chief Product Officer, Security Compass. “Building secure software necessitates a holistic approach to security, which includes bringing ‘secure by design’ principles to life. Our continuous investments in the SD Elements platform are enabling developer-centric threat modeling that makes it easier to build secure and compliant software.”
SD Elements brings threat modeling into DevOps by using a consistent, automated process that enables teams to determine the right preventive controls for specific projects based on where it is in the systems development life cycle. Other benefits include improved visibility into the security and compliance posture of your software, devices, and embedded systems including the verification of control implementation through visual and easy-to-interpret custom and pre-built report templates.